From owner-freebsd-stable Mon Dec 9 7:51:39 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3302237B401 for ; Mon, 9 Dec 2002 07:51:37 -0800 (PST) Received: from pcwin002.win.tue.nl (pcwin002.win.tue.nl [131.155.71.72]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3328943EBE for ; Mon, 9 Dec 2002 07:51:36 -0800 (PST) (envelope-from stijn@pcwin002.win.tue.nl) Received: from pcwin002.win.tue.nl (localhost [127.0.0.1]) by pcwin002.win.tue.nl (8.12.6/8.12.6) with ESMTP id gB9FpSlv044481; Mon, 9 Dec 2002 16:51:28 +0100 (CET) (envelope-from stijn@pcwin002.win.tue.nl) Received: (from stijn@localhost) by pcwin002.win.tue.nl (8.12.6/8.12.6/Submit) id gB9FpSUK044480; Mon, 9 Dec 2002 16:51:28 +0100 (CET) Date: Mon, 9 Dec 2002 16:51:28 +0100 From: Stijn Hoop To: Tod McQuillin Cc: Kenneth W Cochran , freebsd-stable@freebsd.org Subject: Re: Non-root updating & building Message-ID: <20021209155128.GJ24022@pcwin002.win.tue.nl> References: <200212091509.KAA56021362@shell.TheWorld.com> <20021210003716.V42280-100000@glass.pun-pun.prv> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VSaCG/zfRnOiPJtU" Content-Disposition: inline In-Reply-To: <20021210003716.V42280-100000@glass.pun-pun.prv> User-Agent: Mutt/1.4i X-Bright-Idea: Let's abolish HTML mail! Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --VSaCG/zfRnOiPJtU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Dec 10, 2002 at 12:41:16AM +0900, Tod McQuillin wrote: > On Mon, 9 Dec 2002, Kenneth W Cochran wrote: > > What would be a/the Right Way(tm:) to separate the privelege > > of updating/building vs installing world and/or ports? I think it is. > > I've tracked -stable and -ports for a coupla-few years > > now and have long noticed that updating (cvsup/cvs), > > building (make) and installing (make install) require > > being superuser to run (same with ports). > > > > So far, the "method" I can think of for this would be to > > change either the owner or the filemode for /usr/src/* > > and/or /usr/ports/*, update/build as non-root & install as > > root. (Owner would be simpler I think, but I'm wondering > > about things like being at odds with the likes of mtree > > and friends.) Am I on the right track? Yes that's what I use. 'make' as non-root, 'make install' as root. > > Is there any OS support for this, for example, any knobs > > in, say, make.conf to enable/configure/control this? WRKDIRPREFIX comes in handy, as does DISTDIR. See below. > I have never tried it, but if you use the portupgrade utilities, there is > a --sudo command option which seems to imply that it runs as non-root > where it can and uses sudo where it needs privileges. >=20 > I would be interested to know if this actually works. It works perfectly with one catch: RUN_DEPENDS actually only gets build when doing a make install. This is why you sometimes still have root buildi= ng a port, if you're not careful to install the depends yourself (or let portupgrade do them using -R). > For build/install world, it should work to make sure your /usr/src is > readable and your /usr/obj writable by a non-root user. Of course you > will need to be root to install to system directories. And for a totally read-only source tree you can now (just recently MFC'd) s= et KERNCONFDIR=3D/etc or some such and don't even need to edit the kernel configuration below /usr/src. When reinstalling a system, I create a new user to own the ports/src trees, set WRKDIRPREFIX and DISTDIR in /etc/make.conf to somewhere I can write as 'stijn', and do port builds and buildworlds as 'stijn'. Only my cvsup script uses the new 'src' user. portupgrade -s (=3D=3D use sudo) works great in th= is setup. --Stijn --=20 The rain it raineth on the just And also on the unjust fella, But chiefly on the just, because The unjust steals the just's umbrella. --VSaCG/zfRnOiPJtU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE99LwAY3r/tLQmfWcRAqlUAJ9ZNrjyBu/Z70QxER9LzrLGexdwrQCggZSc Vpm0vgeVbw7RLi/zX0bRy40= =Z0sv -----END PGP SIGNATURE----- --VSaCG/zfRnOiPJtU-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message